WE CLAIM: 



1. A method for providing an external client with 
selective access to a computer device protected behind a 
firewall and a host, comprising: 

providing a tunnel mechanism between the host and 
the computer device, wherein the tunnel mechanism is in 
communication with the host and the computer device; 

receiving with the tunnel mechanism an access 
request to the computer device from the external client; 

verifying the external client currently has 
authorized access to the host; and 

after successful completion of the verifying, 
routing the access request to the computer device with 
the tunnel mechanism. 

2. The method of claim 1, further including prior 
to the routing, determining a destination interface from 
the access request and wherein the routing includes 
modifying the access request to include an address for 
the destination interface. 

3. The method of claim 2, wherein the providing 
includes establishing a communicative link between the 
tunnel mechanism and the destination interface. 

4. The method of claim 1, further including 
receiving a response to the access request from the 
computer device and modifying the response prior to 
transmitting the response to the external client to 
remove identification information for the computer 
device. 

5. The method of claim 4, wherein the modifying 
includes adding identification information for the tunnel 
mechanism to the response. 

6. The method of claim 5, wherein the response 
includes URL information and the added identification 
information includes URL information for the tunnel 
mechanism. 

7. The method of claim 4, further including 
examining the response for an error message, translating 
the error message, and including the error message in the 
response transmitted to the external client. 

8. The method of claim 7, further including 
operating the tunnel mechanism to take corrective actions 
to remove the error message from the response from the 
computer device. 

9. The method of claim 1, wherein the verifying 
includes determining a level of the authorized access 
and, further wherein the routing includes limiting the 
access request to the computer device to the determined 
level of the authorized access. 

10. A method for controlling access to a device on 
an internal network by a client device on an external 
data communications network, a firewall being installed 
between the internal network and the external data 
communications network, the method comprising: 

receiving with a tunnel mechanism an access request 
from the external client device to the internal network 
device, the tunnel mechanism being communicatively linked 
to the firewall and an interface of the internal device; 

modifying the access request to include an address 
of the interface of the internal device; 

operating the tunnel mechanism to route the modified 
access request to the interface of the internal device; 



receiving a response to the modified access request 
from the internal device at the tunnel mechanism, the 
response including identification information for the 
internal device; and 

modifying the response with the tunnel mechanism to 
remove the identification information prior to 
transmittal of the modified response to the external 
client device. 

11. The method of claim 10, wherein the access 
request includes URL information and the access request 
modifying includes modifying the URL information to 
include URL information for the internal device. 

12. The method of claim 10, wherein the 
identification information includes URL information for 
the internal device and the response modifying includes 
replacing the internal device URL information with URL 
information for the tunnel mechanism. 

13. The method of claim 10, wherein the internal 
network includes a plurality of the internal devices, and 
the access request modifying includes determining a 
destination interface for a one of the internal devices 
corresponding to the access request from the external 
device. 

14. The method of claim 10, further including prior 
to the routing, verifying the external device is 
currently authenticated as an authorized user of a host 
device communicatively linked to the firewall and the 
tunnel mechanism. 

15. The method of claim 14, wherein the host device 
is a HTTP Web server configured to support Java™ and the 
tunnel mechanism comprises a Java™ servlet. 

16. A network access system for controlling access 
to a computer device protected by a firewall, comprising: 

a host server on an interior side of the firewall, 
the host server being linked to the firewall and 
configured for receiving a request from a client device 
located exterior to the firewall; and 

a tunnel mechanism linked to the computer device 
adapted for: modifying the request to include an address 
of an interface of the computer device; routing the 
modified request to the computer device; receiving a 
response from the computer device including 
identification information; and modifying the response to 
remove the identification information. 

17. The system of claim 16, wherein the host server 
is a HTTP Web server configured to support Java™ and the 
tunnel mechanism is a Java™ servlet installed on the host 
server. 

18. The system of claim 16, wherein the tunnel 
mechanism is further adapted for verifying, prior to the 
routing of the modified request, that the client device 
was authorized to access the host server when the request 
was received. 

19. A computer program for providing a device on an 
exterior side of a firewall selective access to a device 
on the interior side of the firewall, a host being 
positioned between the firewall and the interior device, 
comprising: 

first computer code devices configured to cause a 
computer to receive a request from the exterior device to 
access the interior device; 



second computer code devices configured to cause a 
computer to verify that the exterior device is 
presently authorized to access the host; and 

third computer code devices configured to cause a 
computer to route the request to an interface of the 
interior device based on the verified authorization. 

20. The computer program of claim 19, wherein the 
routing includes determining the interface for routing 
the request and the routing of the request includes 
modifying the request to include an address for the 
determined interface. 

21. The computer program of claim 19, further 
including fourth computer code devices configured to 
cause a computer to receive a response from the interior 
device comprising identification information 
corresponding to the interior device and fifth computer 
code devices configured for causing a computer to 
generate a modified response based on the received 
response including removing the identification 
information. 

22. The computer program of claim 21, further 
including sixth computer code devices configured to cause 
a computer to translate error messages in the received 
response, to take response actions to the error messages, 
and to include unresolved ones of the translated error 
messages in the modified response. 
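
The following sketch is an added illustration and is not part of the claims or the patent text. It walks one request through the steps recited in claims 1, 9 and 10 to 13 (verify against the host, pick the destination interface, rewrite the request, strip and replace identification information in the response). It is written in Python rather than as the Java servlet of claims 15 and 17, and every address, token, header name and function name in it is an assumption made for the example.

```python
import re

TUNNEL_BASE = "https://gateway.example/tunnel"          # assumed external URL of the tunnel
ROUTES = {"printer": "http://10.0.0.21:8080",           # constructed internal interfaces
          "camera": "http://10.0.0.35"}
HOST_SESSIONS = {"tok-alice": "admin", "tok-bob": "read"}  # constructed host session table
LEVEL_METHODS = {"read": {"GET"}, "admin": {"GET", "POST"}}
ID_HEADERS = {"server", "x-powered-by", "via"}          # assumed: headers that identify the device


def rewrite_response(device, internal, status, headers, body):
    """Remove device identification and substitute tunnel URL information."""
    public = f"{TUNNEL_BASE}/{device}"
    clean = {k: v.replace(internal, public) for k, v in headers.items()
             if k.lower() not in ID_HEADERS}
    # Catch any internal address left in the body, not only the routed one.
    for name, addr in ROUTES.items():
        body = body.replace(addr, f"{TUNNEL_BASE}/{name}")
    return status, clean, body


def handle(method, path, token, send):
    """Verify, route and rewrite one request; `send` performs the internal fetch."""
    level = HOST_SESSIONS.get(token)                    # is the client currently authorized on the host?
    if level is None:
        return 401, {}, "not authenticated to host"
    if method not in LEVEL_METHODS[level]:              # limit the request to the authorized level
        return 403, {}, "access level too low"
    m = re.fullmatch(r"/tunnel/([a-z0-9]+)(/.*)?", path)
    if not m or m.group(1) not in ROUTES:               # unknown destination: fail closed
        return 404, {}, "no such device"
    device, rest = m.group(1), m.group(2) or "/"
    internal = ROUTES[device]
    # The request is modified to carry the address of the destination interface.
    status, headers, body = send(method, internal + rest)
    return rewrite_response(device, internal, status, headers, body)


def fake_device(method, url):
    """Constructed stand-in for an internal device's web interface."""
    return (302,
            {"Server": "PrintSrv/1.2", "Location": "http://10.0.0.21:8080/status"},
            '<a href="http://10.0.0.21:8080/jobs">jobs</a>')
```

Note that the authorization check runs before any routing decision, so an unauthenticated client learns nothing about which internal devices exist.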